Acceptable Uses for Technology What are Acceptable Uses for Technology? Almost all organizations require the use of technology to carry out their business processes – from laptops, tablets, and smartphones to printers, email, and cloud solutions. While the advancement of technology has allowed for the growth of many industries, maintaining old technology and introducing new technology into an organization’s environment can create new security vulnerabilities. This is why organizations must establish acceptable uses for technology, meaning that there are clearly defined policies and procedures for how the technology used in a specific environment is used. Acceptable use policies (AUP) normally have users agree to not use the services for illegal purposes, not attempt to harm the security of the technology or system, and to report any suspicious activity. Why are Acceptable Uses for Technology Important? Any and all devices that enter a work environment are susceptible to cyberattacks. With the increase in the usage of technology in the work environment, if personnel aren’t properly trained on AUPs, they could unknowingly give access to sensitive, unauthorized information, spread malware, or cause a data breach. Whether an organization offers company-supplied devices or has a bring-your-own-device policy, AUPs should be known by all employees across an organization. For instance, think about all of the mobile devices used in healthcare. What would happen if a laptop containing the PHI of thousands of clients was improperly used? It’s happened time and time again and has resulted in hundreds of thousands of patients being put at risk. Regardless of the size or industry your organization is in, neglecting to establish AUPs only increases your chances of experiencing a data breach. Case Study: Unauthorized Access to PHI For over a year, a patient coordinator at UPMC, a medical center located in Pittsburgh, gained unauthorized access to over 100 UPMC patients with the malicious intent of seeking revenge on two women from her former place of employment. Sue Kalina was able to successfully access their medical histories and send that information to their employer via email and phone, causing them embarrassment and mental distress. This breach underscores the necessity of establishing, implementing, and enforcing AUPs at any type of organization. Consider the type of data your organization holds – what could someone do with that information if it was improperly accessed? Could an employee at your organization gain access to information they have no need for and use it for personal vendettas? Malicious hackers should not be the only focus when it comes to preventing security threats; the worst kinds of attackers could end up being right within your organization.
6
Acceptable Uses for Technology